Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - November 9, 2007

by Marianna Schmudlach / November 9, 2007 1:32 AM PST

Gentoo update for nagios-plugins

Secunia Advisory: SA27609
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for nagios-plugins. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

For more information:
SA27124
SA27419

Solution:
Update to "net-analyzer/nagios-plugins-1.4.10-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200711-11.xml

Other References:
SA27124:
http://secunia.com/advisories/27124/

SA27419:
http://secunia.com/advisories/27419/

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - November 9, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - November 9, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Gentoo update for tomboy
by Marianna Schmudlach / November 9, 2007 1:33 AM PST

Secunia Advisory: SA27608
Release Date: 2007-11-09


Critical:
Not critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for tomboy. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA26480

Solution:
Update to "app-misc/tomboy-0.8.1-r1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200711-12.xml

Other References:
SA26480:
http://secunia.com/advisories/26480/

Collapse -
Gentoo update for 3proxy
by Marianna Schmudlach / November 9, 2007 1:35 AM PST

Secunia Advisory: SA27607
Release Date: 2007-11-09


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for 3proxy. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA27353

Solution:
Update to "net-proxy/3proxy-0.5.3j" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200711-13.xml

Other References:
SA27353:
http://secunia.com/advisories/27353/

Collapse -
HP-UX Aries PA-RISC Emulator Unauthorized Access Vulnerabili
by Marianna Schmudlach / November 9, 2007 1:36 AM PST

Secunia Advisory: SA27606
Release Date: 2007-11-09


Critical:
Less critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Patch


OS: HP-UX 11.x

Description:
A vulnerability has been reported in HP-UX, which can potentially be exploited by malicious, local users to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error within the Aries PA-RISC emulation software and can potentially be exploited by malicious users to gain unauthorized access to an affected system.

The vulnerability affects HP-UX B.11.23 (IA) and B.11.31 on IA-64 platforms, running Aries PA-RISC.

Solution:
Apply patches.

HP-UX B.11.23:
Install PHSS_35528 or subsequent.

HP-UX B.11.31:
Install PHSS_36311 or subsequent.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBUX02285 SSRT071484:
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01241483

Collapse -
Mozilla Firefox "jar:" Protocol Handling Cross-Site Scriptin
by Marianna Schmudlach / November 9, 2007 1:37 AM PST

Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting Security Issue

Secunia Advisory: SA27605
Release Date: 2007-11-09


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Mozilla Firefox 2.0.x

Description:
A security issue has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.

The problem is that the "jar:" protocol handler does not validate the MIME type of the contents of an archive, which are then executed in the context of the site hosting the archive. This can be exploited to conduct cross-site scripting attacks on sites that allow a user to upload certain files (e.g. .zip, .png, .doc, .odt, .txt).

Solution:
Do not follow untrusted "jar:" links or browse untrusted websites.

Provided and/or discovered by:
Reported by Jesse Ruderman in a Bugzilla entry.

Independently discovered by pdp.

Original Advisory:
Mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=369814

GNUCITIZEN:
http://www.gnucitizen.org/blog/web-mayhem-firefoxs-jar-protocol-issues

Other References:
US-CERT VU#715737:
http://www.kb.cert.org/vuls/id/715737

Collapse -
Sun Solaris Mozilla 1.7 Multiple Vulnerabilities
by Marianna Schmudlach / November 9, 2007 1:38 AM PST

Secunia Advisory: SA27603
Release Date: 2007-11-09


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


OS: Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Description:
Sun has acknowledged multiple vulnerabilities in Mozilla 1.7 for Sun Solaris, which can be exploited by malicious people to compromise a user's system.

For more information:
SA22722

The vulnerabilities are reported in Sun Solaris 8, 9, and 10 for both the x86 and SPARC platforms.

Solution:
The vendor recommends to disable the JavaScript support.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103139-1

Other References:
SA22722:
http://secunia.com/advisories/22722/

Collapse -
BROCHURE SERVICE "ID" SQL Injection
by Marianna Schmudlach / November 9, 2007 1:40 AM PST

Secunia Advisory: SA27602
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: BROCHURE SERVICE

Description:
Aria-Security Team have reported a vulnerability in BROCHURE SERVICE, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "ID" parameter in SubCategory.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Aria-Security Team

Collapse -
Mandriva update for flac
by Marianna Schmudlach / November 9, 2007 1:41 AM PST

Secunia Advisory: SA27601
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for flac. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

For more information:
SA27210

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:214

Other References:
SA27210:
http://secunia.com/advisories/27210/

Collapse -
Red Hat update for tetex
by Marianna Schmudlach / November 9, 2007 1:42 AM PST

Secunia Advisory: SA27599
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4

Description:
Red Hat has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA26293

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
http://rhn.redhat.com/errata/RHSA-2007-1027.html

Other References:
SA26293:
http://secunia.com/advisories/26293/

Collapse -
Mandriva update for pcre
by Marianna Schmudlach / November 9, 2007 1:44 AM PST

Secunia Advisory: SA27598
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for pcre. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For more information:
SA27543

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:212

Other References:
SA27543:
http://secunia.com/advisories/27543/

Collapse -
Red Hat update for openldap
by Marianna Schmudlach / November 9, 2007 1:45 AM PST

Secunia Advisory: SA27596
Release Date: 2007-11-09


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client

Description:
Red Hat has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

For more information:
SA27424

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-1037.html

Other References:
SA27424:
http://secunia.com/advisories/27424/

Collapse -
Debian update for phpmyadmin
by Marianna Schmudlach / November 9, 2007 1:47 AM PST

Secunia Advisory: SA27595
Release Date: 2007-11-09


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for phpmyadmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA27173
SA27246

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1403

Other References:
SA27173:
http://secunia.com/advisories/27173/

SA27246:
http://secunia.com/advisories/27246/

Collapse -
Debian update for gallery2
by Marianna Schmudlach / November 9, 2007 1:48 AM PST

Secunia Advisory: SA27594
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for gallery2. This fixes some vulnerabilities, which can be exploited by malicious users to manipulate certain data.

For more information:
SA26716

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1404

Other References:
SA26716:
http://secunia.com/advisories/26716/

Collapse -
Mandriva update for openldap
by Marianna Schmudlach / November 9, 2007 1:49 AM PST

Secunia Advisory: SA27587
Release Date: 2007-11-09


Critical:
Less critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

For more information:
SA27424

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:215

Other References:
SA27424:
http://secunia.com/advisories/27424/

Collapse -
UPDIR.NET "updir.php" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / November 9, 2007 1:50 AM PST

Secunia Advisory: SA27581
Release Date: 2007-11-09


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: UPDIR.NET 2.x

Description:
A vulnerability has been reported in UPDIR.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to certain unspecified parameters in "updir.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.04.

Solution:
Update to version 2.04.

Provided and/or discovered by:
Reported via JVN.

Original Advisory:
UPDIR.NET:
http://updir.net/osirase.html

JVN:
http://jvn.jp/jp/JVN%2399453765/index.html

Collapse -
Request for travel "cmbCat" SQL Injection
by Marianna Schmudlach / November 9, 2007 1:51 AM PST

Secunia Advisory: SA27571
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Request for travel



Description:
Aria-Security Team have reported a vulnerability in Request for travel, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cmbCat" parameter in agencyCatResult.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Aria-Security Team

Collapse -
Pioneers Denial of Service Vulnerability
by Marianna Schmudlach / November 9, 2007 1:52 AM PST

Secunia Advisory: SA27522
Release Date: 2007-11-09


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: Pioneers (formerly gnocatan) 0.x

Description:
Bas Wijnen has reported a vulnerability in Pioneers, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a session object being deleted while still in use. This can be exploited to crash the Pioneers server by sending specially crafted data.

The vulnerability is reported in versions prior to 0.11.3.

Solution:
Update to version 0.11.3.

Provided and/or discovered by:
Bas Wijnen

Original Advisory:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449541

Collapse -
USVN Information Disclosure Security Issue
by Marianna Schmudlach / November 9, 2007 1:54 AM PST

Secunia Advisory: SA27521
Release Date: 2007-11-09


Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: USVN 0.x



Description:
A security issue has been reported in USVN, which can be exploited by malicious users to disclose potentially sensitive information.

The security issue is caused due to USVN not properly restricting access to Subversion folders, which can be exploited to disclose files in a Subversion repository.

The security issue is reported in versions prior to 0.6.5.

Solution:
Update to version 0.6.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.usvn.info/news/

Collapse -
Miranda IM "ext_yahoo_contact_added()" Format String Vulnera
by Marianna Schmudlach / November 9, 2007 1:55 AM PST

Miranda IM "ext_yahoo_contact_added()" Format String Vulnerability




Secunia Advisory: SA27402
Release Date: 2007-11-09


Critical:
Less critical
Impact: System access

Where: From remote

Solution Status: Vendor Workaround


Software: Miranda IM 0.x

Description:
Secunia Research has discovered a vulnerability in Miranda IM, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a format string error within "ext_yahoo_contact_added()" in yahoo.c and can be exploited via a "Y7 Buddy Authorization" packet containing format string specifiers.

Successful exploitation allows execution of arbitrary code but requires that the user e.g. is tricked into connecting to a malicious server.

The vulnerability is confirmed in version 0.7.1.

Solution:
Fixed in the SVN repository.

Provided and/or discovered by:
Secunia Research

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2007-89/

Collapse -
Only two security updates on Microsoft's next Patch Tuesday
by Marianna Schmudlach / November 9, 2007 2:23 PM PST

09.11.2007

The updates will reportedly remedy vulnerabilities in Windows 2000 SP4, XP SP2 and Server 2003 SP1/SP2, one of which has been categorized as critical because it allows code to be injected and executed.

The announcement does not, however, say how many holes will be closed in total. The second update relates to a spoofing vulnerability. Once again, Redmond did not provide any further details.

As usual, the Software Removal Tool will be updated. In addition, Microsoft has announced three additional updates not related to security for next Patch Tuesday; they will be distributed via Microsoft Update (WU) and Windows Server Update Services (WSUS).

http://www.heise-security.co.uk/news/98729

Collapse -
DoS vulnerability remedied in Linux kernel
by Marianna Schmudlach / November 9, 2007 2:25 PM PST

Report of 09.11.2007

Version 2.6.23 of the Linux kernel remedies a vulnerability in its 80211 WLAN code. A flaw in the function ieee80211_rx in net/ieee80211/ieee80211_rx.c can allow specially crafted WLAN frames to provoke a kernel panic if the IEEE80211_STYPE_QOS_DATA flag is set. Attackers need only send a manipulated frame to a PC or the victim's desktop.

However, few WLAN drivers use the code because they generally have their own. Back in April 2006, the IEEE80211 subsystem adopted in Linux 2.6.14 was dropped as the base framework for various wireless drivers. The kernel's new WLAN stack is called mac80211.

But older notebooks with Centrino chipsets may still use the old WLAN stack. Nevertheless, the kernel developers say that the WLAN card or the chip's firmware would first have to let the specially crafted WLAN packet in for the flaw to even be relevant. It is not clear which, if any, cards do so.

http://www.heise-security.co.uk/news/98730

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

CNET FORUMS TOP DISCUSSION

Help, my PC with Windows 10 won't shut down properly

Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?